Security Affairs

DECEMBER 10, 2021

Experts publicly disclose Proof-of-concept exploits for a critical zero-day vulnerability in the Apache Log4j Java-based logging library. Experts publicly disclose Proof-of-concept exploits for a critical remote code execution zero-day vulnerability, tracked a CVE-2021-44228 (aka Log4Shell ), in the Apache Log4j Java-based logging library.

Libraries 145

Libraries IT Cloud Data breaches 145

Security Affairs

FEBRUARY 1, 2021

Google discovered a flaw in GNU Privacy Guard (GnuPG)’s Libgcrypt encryption library that could be exploited to get remote code execution. It’s also the crypto library used by systemd for DNSSEC. The team recommends users to stop using the vulnerable version of the library. which we released last week.

Libraries 145

Libraries Encryption Privacy IT 145

IG Guru

JANUARY 25, 2021

. – The Crowley Company (Crowley), a worldwide leader in digitization scanning solutions and services with offices in Frederick, Maryland, San Dimas, California and Basingstoke, UK, is pleased to announce that the firm has been honored with LibraryWorks’ Modern Library (MLA) awards for the seventh consecutive year.

Libraries 89

Libraries Information governance Government 89

Security Affairs

NOVEMBER 5, 2021

Two popular npm libraries, coa and rc. The security team of the npm JavaScript package warns that two popular npm libraries, coa and rc. Two npm libraries that have a total of 23 million weekly downloads, a data that is worrisome. 2/3] — npm (@npmjs) November 4, 2021. The post npm libraries coa and rc.

Libraries 137

Libraries Passwords Access Security 137

Krebs on Security

JANUARY 11, 2022

In May 2021, Microsoft patched a similarly critical and wormable vulnerability in the HTTP Protocol Stack; less than a week later, computer code made to exploit the flaw was posted online. . “Test and deploy this patch quickly.” ” Quickly indeed. “Thankfully the Windows preview pane is not a vector for this attack.”

Libraries 281

Libraries Security Access IT 281

Security Affairs

JUNE 9, 2021

Microsoft’s June 2021 Patch Tuesday addressed 50 vulnerabilities, including six zero-day issues that are being actively exploited in the wild. Five vulnerabilities fixed by Microsoft’s June 2021 Patch Tuesday are rated Critical and 45 are rated Important in severity. Follow me on Twitter: @securityaffairs and Facebook.

Libraries 131

Libraries Cybersecurity Security IT 131

Security Affairs

JANUARY 1, 2022

Which are the most-read cyber stories of 2021? Experts discovered a Local Privilege Escalation, tracked as CVE-2021-33909, that could allow attackers to get root access on most Linux distros. A zero-day exploit for Log4j Java library could have a tsunami impact on IT giants. This post includes Top Posts for the last 365 days.

Security 123

Security Libraries Ransomware Passwords 123

IG Guru

APRIL 27, 2021

The post The Governance and Recordkeeping Around the World Newsletter April 2021 Edition available via Library and Archives Canada appeared first on IG GURU. Check out the post here.

Libraries 82

Libraries Archiving Government Records Management 82

Security Affairs

OCTOBER 31, 2022

VMware warned of the existence of a public exploit targeting a recently addressed critical remote code execution (RCE) vulnerability, tracked as CVE-2021-39144 (CVSS score of 9.8), in NSX Data Center for vSphere (NSX-V). The remote code execution vulnerability resides in the XStream open-source library. Pierluigi Paganini.

Libraries 123

Libraries Cloud Security IT 123

Security Affairs

MARCH 2, 2022

Researchers from JFrog’s Security Research team discovered five vulnerabilities in the PJSIP open-source multimedia communication library. Researchers from JFrog’s Security Research team discovered five vulnerabilities in the popular PJSIP open-source multimedia communication library. on February 24, 2022.

Libraries 98

Libraries Communications Security IT 98

CILIP

DECEMBER 13, 2021

Alongside our existing Partnership Agreement with CILIP in Scotland (renewed in 2021), we are working closely with the National Committees - CILIP Cymru Wales and CILIP Ireland - to establish a new basis for our work together under Joint Agreements. to promote collaboration between libraries in the UK and overseas. A year in review.

Libraries 98

Libraries Government Education Digital transformation 98

CILIP

JUNE 17, 2024

Libraries and the fight against truth decay Truth decay is the diminishing role of facts and analysis in public life, it is a phenomenon that erodes civil discourse, causes political paralysis, and leads to general uncertainty around what is and is not. A healthy democracy is helped by an open exchange of views,” said Stijn.

Libraries 88

Libraries IT 88

eSecurity Planet

AUGUST 13, 2021

This article looks at the top digital forensic software tools of 2021 and what customers should consider when buying or acquiring a DSF tool. Best Digital Forensics Software Tools of 2021. The Sleuth Kit enables administrators to analyze file system data via a library of command-line tools for investing disk images. ProDiscover.

e-Discovery 139

e-Discovery Computer and Electronics Marketing Compliance 139

eSecurity Planet

JUNE 17, 2021

It offers baseline testing to find out how phish-prone an organization is, has a huge library of security awareness training content, automated training campaigns, simulated phishing attacks, and a way to monitor improvements in user behavior. Comprehensive training library with fresh content. Library of training and phishing content.

Cybersecurity 133

Cybersecurity Security awareness Phishing Education 133

Security Affairs

FEBRUARY 9, 2021

Microsoft February 2021 Patch Tuesday addresses 56 vulnerabilities, including a flaw that is known to be actively exploited in the wild. The CVE-2021-1732 zero-day is an elevation of privilege issues that resides in the Windows Win32k component. ” reads a blog post published by Microsoft.

IoT 101

IoT Libraries Encryption Security 101

Security Affairs

DECEMBER 16, 2021

Experts warn that threat actors are actively attempting to exploit a second bug disclosed in the popular Log4j logging library. American web infrastructure and website security company Cloudflare warns that threat actors are actively attempting to exploit a second vulnerability, tracked as CVE-2021-45046 , disclosed in the Log4j library.

Libraries 145

Libraries Ransomware Access Security 145

IT Governance

DECEMBER 1, 2021

With one month left in 2021, the annual total running total of compromised records is to just shy of 5 billion. The post List of data breaches and cyber attacks in November 2021 – 223.6 In November, we discovered 81 publicly disclosed cyber security incidents, accounting for 223,615,390 breached records.

Data breaches 141

Data breaches Ransomware Computer and Electronics Healthcare 141

Security Affairs

SEPTEMBER 13, 2022

A cyber espionage group targets governments and state-owned organizations in multiple Asian countries since early 2021. Threat actors are targeting government and state-owned organizations in multiple Asian countries as parts of a cyber espionage campaign that remained under the radar since early 2021. Pierluigi Paganini.

Government 98

Government Access Libraries Education 98

Security Affairs

DECEMBER 18, 2021

Multiple flaws in the Log4J library are scaring organizations worldwide while threat actors are already exploiting them. While the experts were warning that threat actors are actively attempting to exploit a second vulnerability, tracked as CVE-2021-45046 , disclosed in the Log4j library a third security vulnerability made the headlines.

Libraries 145

Libraries Security Ransomware IT 145

Security Affairs

DECEMBER 12, 2021

Quebec shut down nearly 4,000 of its sites in response to the discovery of the Log4Shell flaw in the Apache Log4j Java-based logging library. Quebec shut down nearly 4,000 of its sites as a preventative measure after the disclosure of a PoC exploit for the Log4Shell flaw ( CVE-2021-44228 ) in the Apache Log4j Java-based logging library.

Libraries 131

Libraries Digital transformation Education Government 131

IT Governance

JANUARY 10, 2022

For many, 2021 was a year to forget. You can read more about that attack, along with the year’s other biggest stories, in our 2021 cyber security review of the year. 2021 got off to an inauspicious start when cyber security researchers reported a huge leak of Brazilian residents’ data. First came the Colonial Pipeline hack.

Security 110

Security Data breaches Ransomware Phishing 110

eSecurity Planet

NOVEMBER 5, 2021

It offers a library of customizable process apps to automate GRC processes, all within a no-code environment and uses a graph database that can evolve with businesses over time to continuously offer the best risk and compliance management for their unique needs. Also read: Top Vulnerability Management Tools for 2021. Visit website.

Risk 108

Risk Compliance Cloud Access 108

Security Affairs

DECEMBER 31, 2021

Below is the list of flaws discovered by the researchers: CVE-2021-20173 : Post Authentication Command Injection via SOAP Interface. CVE-2021-20174 : Default HTTP Communication (Web Interface). CVE-2021-20175 : Default HTTP Communication (SOAP Interface). CVE-2021-23147 : Insufficient UART Protection Mechanisms.

Communications 145

Communications Libraries Encryption Passwords 145

IT Governance

SEPTEMBER 1, 2021

The post List of data breaches and cyber attacks in August 2021 – 61 million records breached appeared first on IT Governance UK Blog. Travel and medical insurance provider guard.me million) Indra hacking group blamed for attack on Iranian railway system (unknown) Willdan Group, Inc.

Data breaches 140

Data breaches Ransomware Insurance Data migration 140

Security Affairs

SEPTEMBER 25, 2021

for Windows, Mac, and Linux that addresses a high-severity zero-day vulnerability (CVE-2021-37973) exploited in the wild. Google confirmed that it is aware of the availability of an exploit for CVE-2021-37973, but the IT giant did not reveal if it is aware of attacks in the wild exploiting this issue. Pierluigi Paganini.

Libraries 127

Libraries IT Access Security 127

Security Affairs

DECEMBER 22, 2021

The Cybersecurity and Infrastructure Security Agency (CISA) has announced the release of an open-source scanner for identifying web services impacted by Apache Log4j remote code execution vulnerabilities, tracked as CVE-2021-44228 and CVE-2021-45046. ” reads the description for the project. Pierluigi Paganini.

Libraries 132

Libraries Cybersecurity Security Government 132

Security Affairs

DECEMBER 13, 2021

Threat actors are already abusing Log4Shell vulnerability in the Log4j library for malicious purposes such as deploying malware. A few hours ago, researchers at NetLab 360 reported that their Anglerfish and Apacket honeypots were already hit by attacks attempting to trigger the Log4Shell flaw in the Log4j library.

Mining 140

Mining Honeypots Libraries IT 140

Security Affairs

DECEMBER 11, 2021

Chinese security researcher p0rz9 publicly disclosed a Proof-of-concept exploit for a critical remote code execution zero-day vulnerability, tracked a CVE-2021-44228 ( aka Log4Shell ), in the Apache Log4j Java-based logging library. p0rz9 revealed that the CVE-2021-44228 can only be exploited if the log4j2.formatMsgNoLookups

Libraries 141

Libraries Cloud Access Cybersecurity 141

Krebs on Security

AUGUST 25, 2021

Investigators found the other defendant had the malware code that was bundled with the Electrum Atom application in his Github code library. A copy of the May 2021 complaint is here (PDF). Because plaintiff did not file his lawsuit until May 21, 2021, three years and five months after his injury, his claims should be dismissed.”

Libraries 349

Libraries Access IT 349

Security Affairs

JANUARY 11, 2022

Another gang, Night Sky ransomware operation, started exploiting the Log4Shell vulnerability in the Log4j library to gain access to VMware Horizon systems. The Night Sky ransomware operation started exploiting the Log4Shell flaw (CVE-2021-44228) in the Log4j library to gain access to VMware Horizon systems.

Ransomware 140

Ransomware Libraries File names Encryption 140

Security Affairs

FEBRUARY 4, 2021

Google has addressed an actively exploited zero-day vulnerability, tracked as CVE-2021-21148, with the release of the Chrome 88.0.4324.150 version. The flaw was rated by Google as high severity, it was reported by Mattias Buelens on January 24th, 2021. “CVE-2021-21148: Heap buffer overflow in V8.

Libraries 135

Libraries Security Access IT 135

Security Affairs

OCTOBER 19, 2022

Researcher discovered a remote code execution vulnerability in the open-source Apache Commons Text library. GitHub’s threat analyst Alvaro Munoz discovered a remote code execution vulnerability, tracked as CVE-2022-42889, in the open-source Apache Commons Text library. ” reads the post published by Munoz.

Libraries 76

Libraries IT Security Information Security 76

Security Affairs

DECEMBER 14, 2021

US CISA ordered federal agencies to address the critical Log4Shell vulnerability in the Log4j library by December 24th, 2021. US CISA ordered federal agencies to address the critical Log4Shell vulnerability in the Log4j library by December 24th, 2021. beta9 to 2.14.1. ” reads the announcement published by CISA.

Libraries 122

Libraries Cybersecurity Security Risk 122

The Texas Record

JULY 12, 2021

This event is organized by the Texas State Library and Archives Commission (TSLAC) and co-sponsored with the Texas Department of Information Resources (DIR) to promote electronic records management in Texas government. For more information about the 2021 e-Records conference, check out the conference website.

Records Management 78

Records Management Government Communications Libraries 78

Security Affairs

MARCH 15, 2021

The flaw, tracked as CVE-2021-21193, is a use after free vulnerability in the Blink rendering engine. 500][ 1167357 ] High CVE-2021-21191: Use after free in WebRTC. Reported by raven (@raid_akame) on 2021-01-15 [$TBD][ 1181387 ] High CVE-2021-21192: Heap buffer overflow in tab groups.

Libraries 144

Libraries Security IT Information Security 144

CILIP

JANUARY 25, 2023

Welcome to Libraries - an induction pack for frontline public library staff 25 January 2023 Welcome to Libraries - an induction pack for frontline public library staff Welcome to Libraries - your guide to working in public libraries is available as a digital publication and in a limited print format.

Libraries 52

Libraries 52

eSecurity Planet

JULY 8, 2021

They contain everything required to run applications, such as code, runtime, tools, libraries, and settings, and can run on top of an OS as designed regardless of the environment, so they’re more portable than virtual machines (VMs) and require fewer resources. Identifies non-OS third party libraries, including Node.js

Security 90

Security Cloud Compliance Metadata 90